I'm using Powerbroker PBIS Open to authenticate users on a Windows 2016 domain to Linux workstations and LXC containers running Ubuntu 18.04 and CentOS 7. However, I'm unable to accomplish this with an Ubuntu 20.04 client inside an LXC container.
I've been able to join it to the domain successfully, and running id on my domain account gives the expected results. However, when I attempt an ssh login from another host, the Ubuntu 20.04 host closes the connection. When I attempt to ssh from a local root shell I'm rejected. Then when I run:
systemctl status lwsmd.service
I get the error messages (actual user name and ID redaceted):
Aug 06 16:30:43 svr-ub3 lsass[466]: Unable to set up credentials cache with tgt for uid <my domain uid>
Aug 06 16:30:43 svr-ub3 lsass[466]: [lsass] Failed to authenticate user (name = '<my domain user>') -> error = 2, symbol = ERROR_FILE_NOT_FOUND, client pid = 905
I can see the ticket cache file /tmp/krb5cc_<my domain uid>, and listing it with klist shows it has the expected krbtgt and host tickets.
I'm running the latest PBISO version 9.1.0, installed from their APT repository. Looking at their list of supported platforms, Ubuntu 20 is conspicuously missing, and the next major release, 10.1, does support it, but is no longer on Github, and appears to be commercial only. A workstation with Ubuntu 18.04 which also runs PBISO 9.1.0 works properly with no issues.
Has anyone been able to install PBISO 9.1 on Ubuntu 20.04? If so, did you need any special workarounds? I haven't been able to find any PBISO logs (apart from one for the install). Where would you advise me to look in order to troubleshoot this?
